CLAIMS: 

1 . A method performed by a client comprising: 

receiving a password challenge from a server; and 
displaying a prompt asking a user for a password, the prompt including an 
authentication graphic visible to the user. 

2. The method of claim 1, wherein displaying the prompt comprises calling a secure 
password prompt routine having access to a secure storage. 

3. The method of claim 2, wherein displaying the prompt further comprises 
retrieving a stored secret from the secure storage and generating the authentication 
graphic using the retrieved secret. 

4. The method of claim 1, wherein the user can verify the authenticity of the prompt 
by comparing the authentication graphic to a known graphic. 

5. The method of claim 4, wherein the known graphic is physically attached to the 
client. 

6. The method of claim 1, further comprising: 

receiving the password from the user; 
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generating a digest using the received password and password challenge; 

and 

sending the digest to the server. 

7. The method of claim 3, wherein the secret becomes stored in the secure storage 
when first entered by the user. 

8. The method of claim 3, wherein the secret becomes stored in the secure storage 
when generated based upon information entered by the user. 

9. A client device comprising: 

a communications device to receive a password challenge from a server; 

and 

a display device to display a prompt asking a user for a password, the 
prompt including an authentication graphic visible to the user. 

10. The client device of claim 9, further comprising: 

a secure storage; and 

a processor coupled to the communications device and the display device, 
wherein the processor directs the display device to display the prompt by calling a 
secure password prompt routine having access to the secure storage. 
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1 1 . The client device of claim 10, wherein the processor retrieves a stored secret from 
the secure storage and generates the authentication graphic using the retrieved secret prior 
to directing the display device to display the prompt. 

12. The client device of claim 9, wherein the user can verify the authenticity of the 
prompt by comparing the authentication graphic to a known graphic. 

13. The client device of claim 12, wherein the known graphic is physically attached to 
the client. 

14. The client device of claim 13, wherein the known graphic is physically attached to 
the display device. 

15. A machine-readable medium having stored thereon data representing instructions 
that, when executed by a processor of a client, cause the processor to perform operations 
comprising: 

receiving a password challenge from a server; 

displaying a prompt asking a user for a password, the prompt including an 
authentication graphic visible to the user. 

16. The method of claim 15, wherein displaying the prompt comprises calling a 
secure password prompt routine having access to a secure storage. 
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1 7. The method of claim 1 5, wherein displaying the prompt further comprises 
retrieving a stored secret from the secure storage and generating the authentication 
graphic using the retrieved secret. 

1 8. The method of claim 1 5, wherein the user can verify the authenticity of the 
prompt by comparing the authentication graphic to a known graphic. 

1 9. The method of claim 1 8, wherein the known graphic is physically attached to the 
client. 

20. The method of claim 1 5, further comprising: 

receiving the password from the user; 

generating a digest using the received password and password challenge; 

and 

sending the digest to the server. 
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